CVE-2026-10201

EUVD-2026-33523
A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a manipulation can lead to divide by zero. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. Applying a patch is advised to resolve this issue. The project tagged the reported issue as bug.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Common Weakness Enumeration
References
https://github.com/assimp/assimp/
https://github.com/assimp/assimp/issues/6613
https://github.com/user-attachments/files/27153727/poc.zip
https://vuldb.com/cve/CVE-2026-10201
https://vuldb.com/submit/821182
https://vuldb.com/vuln/367481
https://vuldb.com/vuln/367481/cti